Apache Server - Protect Folders

You can protect your admin folders from online user at the server level. Apache allows you at add additional security (UN and PW) to the “Back Office” folder even though your website is protected with a username and PW. Yes you will need two sets of credentials, but you can never be to secure. You will need local host access or FTP access and command line to access to the remote server.

First, Setup this folder on your workstation as .htaccess.txt Add the following information. Then FTP this file to your folder you want protected.

AuthType Basic
AuthName "Password Required"
AuthUserFile /yourDirPath/HTdoc/website/admin/.htpasswd
require valid-user

 

Once its on your server you will need to change its name to .htaccess (remove the .txt and keep the period in front of the filename) and change the permissions CHMOD to 644.

Second use you command line and navigate to the folder you want protected.

From here, you will create the username and password file. Type in the commands below:

 

htpasswd -c .htpasswd username
New Passwor:
Retype new Password:

The above code uses the -c switch to create the .htpasswd file. The below code is for any addition people you want to give access to.

 

htpasswd .htpasswd username
New Passwor:
Retype new Password:

To remove a person from the system type the command below:

 

htpasswd -d .htpasswd username:

Notice the -d is the switch that will remove this user

 

Restart Apache service use the command below

sudo /etc/init.d/apache2 restart